December Anointed as Critical Infrastructure Protection and Resilience Month

In an increasingly digital world, information systems pervade nearly every aspect of our daily lives, controlling the function of everything from transportation and communications to the power grid and the financial industry. An event that inhibits the proper function of these networks has the potential to have a devastating impact on the country's economic well being and national defense preparedness. In recognition of the importance that the security of these networks has on the nation's well being, President Obama has declared December to be National Critical Infrastructure Protection and Resilience Month.

"Cyber incidents can have devastating consequences on both physical and virtual infrastructure, which is why my Administration continues to make cybersecurity a national security priority," the President stated in a proclamation.

Of primary concern is the state of security for Industrial Control Systems (ICS), which include supervisory control and data acquisition (SCADA) networks. Members of the President's administration, most notably Secretary of Defense Leon Panetta, have repeatedly expressed alarm over vulnerabilities in systems governing the nation’s critical infrastructure that could result in catastrophic events should those networks be targeted my malicious actors.

“A cyber attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11. Such a destructive cyber terrorist attack could paralyze the nation,” Panetta warned in October. “An aggressor nation or extremist group could gain control of critical switches and derail passenger trains, or trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country,” Panetta said.

The protection of ICS networks became a front page issue after the emergence of the Stuxnet virus in 2010. Stuxnet is sophisticated designer malware that is thought to have caused damage to equipment at Iran’s uranium enrichment facilities. Stuxnet is considered a game changer because the infection did not merely affect the targeted systems, but actually inflicted kinetic damage on the equipment those systems controlled, a consequence that had not previously been seen as far as malware attacks are concerned.

"All Americans have a part to play in protecting our critical infrastructure and making it more resilient, and my Administration continues to engage stakeholders in doing what it takes to keep our people safe and our assets secure. This month, we rededicate ourselves to raising awareness of the importance of critical infrastructure and to doing all we can to protect it," President Obama stated.

The President also used proclamation as an opportunity to pressure Congress into acting on a number of legislative proposals that have fallen victim to partisan politics during his first term, most notably the Cybersecurity Act of 2012. The bill was co-sponsored by Senators Joseph Lieberman, Susan Collins, John D. Rockefeller IV, and Dianne Feinstein, and was widely hailed as having the best chance at passage, though it was ultimately blocked late this summer and failed to gain ground in the post-election lame duck Congressional session.

"As we continue to work within existing authorities to fortify our country against cyber risks, comprehensive legislation remains essential to improving infrastructure security, enhancing cyber information sharing between government and the private sector, and protecting the privacy and civil liberties of the American people," the President said.

Though the anointing of December as National Critical Infrastructure Protection and Resilience Month will probably work to keep the issue at the forefront of American political discourse, it is unlikely that there will be any comprehensive progress on the establishment of a national cybersecurity policy that will work to protect the nation's critical infrastructure any time soon.

Share this post:

You May Also Be Interested In:

Anthony M. Freed is an information security journalist and editor who has authored numerous feature articles, interviews and investigative reports which have been sourced and cited by dozens of major media outlets, including The New York Times, Reuters, The Register, Financial Times of London, MSNBC, Fox News, PC/IT/Computer/Tech World, eWeek, SC Magazine, CSO Magazine, Federal News Radio, The Herald-Tribune, Naked Security, and many more. Anthony was the Managing Editor of Infosec Island, an online community designed for IT and network professionals who manage security, risk and compliance issues.